Silk Road forums
Discussion => Shipping => Topic started by: Ivory on February 02, 2012, 04:53 pm
-
Dear SR buyers
PLEASE, when at the checkout filling your address for your orders take care in typing your details CORRECTLY. I have noticed recently a lot of small errors in Addresses when filling in orders, from misspelled cities, streets to some typing the ZIP/Postal code incorrectly. I have had to double-check a lot of addresses recently by searching the web to re-correct them and also contacting buyers to clarify. Please take extra care! Take a moment to make sure everything is correct before proceeding, neither party wants items going missing or taking forever in transit.
That is all :)
-
That and some recommend that you encrypt your address information before submitting it during your order.
I actually forgot to put what country I'm in for my order but the status says "In transit" so I guess they figured out where I'm ordering from. :P
-
That and some recommend that you encrypt your address information before submitting it during your order.
I actually forgot to put what country I'm in for my order but the status says "In transit" so I guess they figured out where I'm ordering from. :P
SR encrypts your address for you, and then deletes it once the seller marks it as in transit. I doubt there's reason to encrypt it a second time. But, yes, people really do need to be careful about their addresses...
-
That and some recommend that you encrypt your address information before submitting it during your order.
I actually forgot to put what country I'm in for my order but the status says "In transit" so I guess they figured out where I'm ordering from. :P
SR encrypts your address for you, and then deletes it once the seller marks it as in transit. I doubt there's reason to encrypt it a second time. But, yes, people really do need to be careful about their addresses...
If SR was ever comprimised by LE it would be real bad news for people who didn't use GPG to encrypt their addresses.
-
Ah, I wasn't aware they did it for you automatically. That's good to know.
Although just to be safe and paranoid I'll probably encrypt it with my own PGP anyhow lol.
-
SR encrypts your address for you, and then deletes it once the seller marks it as in transit. I doubt there's reason to encrypt it a second time. But, yes, people really do need to be careful about their addresses...
no need to wear a seatbelt because the road was built well enough accidents cannot happen, by this logic
-
That and some recommend that you encrypt your address information before submitting it during your order.
I actually forgot to put what country I'm in for my order but the status says "In transit" so I guess they figured out where I'm ordering from. :P
SR encrypts your address for you, and then deletes it once the seller marks it as in transit. I doubt there's reason to encrypt it a second time. But, yes, people really do need to be careful about their addresses...
Never rely on ANYONE to do security for you, especially when there are things you can do yourself. Like encrypting your messages using GPG.
-
That and some recommend that you encrypt your address information before submitting it during your order.
I actually forgot to put what country I'm in for my order but the status says "In transit" so I guess they figured out where I'm ordering from. :P
SR encrypts your address for you, and then deletes it once the seller marks it as in transit. I doubt there's reason to encrypt it a second time. But, yes, people really do need to be careful about their addresses...
are you serious? you should not be telling people to not worry about encrypting their address with PGP.
lots of people used to do that with hushmail, then guess what? hushmail cooperated with LE.
it doesn't matter how trustworthy you think SR is or how safe you think your data is. if you are sending personal information, you NEED to encrypt it. you should never trust someone else to keep you secure
-
That and some recommend that you encrypt your address information before submitting it during your order.
I actually forgot to put what country I'm in for my order but the status says "In transit" so I guess they figured out where I'm ordering from. :P
SR encrypts your address for you, and then deletes it once the seller marks it as in transit. I doubt there's reason to encrypt it a second time. But, yes, people really do need to be careful about their addresses...
are you serious? you should not be telling people to not worry about encrypting their address with PGP.
lots of people used to do that with hushmail, then guess what? hushmail cooperated with LE.
it doesn't matter how trustworthy you think SR is or how safe you think your data is. if you are sending personal information, you NEED to encrypt it. you should never trust someone else to keep you secure
I agree, always encrypt your address, better safe then sorry.
Just want to say about hushmail...every company WILL cooperate with LE if need it. If there is a warrant by the court, they must to cooperate.
Hushmail clearly say that on their privacy regulations, (like any other legit company).
-
That and some recommend that you encrypt your address information before submitting it during your order.
I actually forgot to put what country I'm in for my order but the status says "In transit" so I guess they figured out where I'm ordering from. :P
SR encrypts your address for you, and then deletes it once the seller marks it as in transit. I doubt there's reason to encrypt it a second time. But, yes, people really do need to be careful about their addresses...
are you serious? you should not be telling people to not worry about encrypting their address with PGP.
lots of people used to do that with hushmail, then guess what? hushmail cooperated with LE.
it doesn't matter how trustworthy you think SR is or how safe you think your data is. if you are sending personal information, you NEED to encrypt it. you should never trust someone else to keep you secure
I agree, always encrypt your address, better safe then sorry.
Just want to say about hushmail...every company WILL cooperate with LE if need it. If there is a warrant by the court, they must to cooperate.
Hushmail clearly say that on their privacy regulations, (like any other legit company).
I've heard great things about lavabit and riseup. Either way, encrypt every message if you must use an email service.
And you should ALWAYS encrypt ANYTHING relating to sensitive information on SR. Do not rely on their security to help you.
-
Is it worth encrypting your address with PGP? I know most vendors have their public key showing and encourage PGP use.. but I know a lot of buyers can't be arsed with setting up PGP which can be a bit tricky for some non-computer savvy people.
So what's the obvious benefits to using PGP? I mean, your address is not stored on SR anyway and presumably most vendors will delete it once the order is shipped. And since address is not e-mailed across the internet and vendors have to login to read messages via Tor it seems quite secure without PGP. Maybe I'm missing something? I guess it just provides an extra layer of security should a vendor get busted and their account seized but LE.
-
Put it this way - Your address is the weakest link in the chain. The temporary breaking of anonymity represents a danger. It only takes 1 minute to help protect that part. You tell me if it's worth it.
-
Is it worth encrypting your address with PGP? I know most vendors have their public key showing and encourage PGP use.. but I know a lot of buyers can't be arsed with setting up PGP which can be a bit tricky for some non-computer savvy people.
So what's the obvious benefits to using PGP? I mean, your address is not stored on SR anyway and presumably most vendors will delete it once the order is shipped. And since address is not e-mailed across the internet and vendors have to login to read messages via Tor it seems quite secure without PGP. Maybe I'm missing something? I guess it just provides an extra layer of security should a vendor get busted and their account seized but LE.
A. If a seller gets his account broken into, do you really want your address plaintext?
B. You should assume SR has always been compromised, is compromised, and will always be compromised. Do not rely on any of SRs security features to keep you safe.
Also mentioned, it takes less than a minute and adds loads of security. There really isn't a reason NOT to do it.
-
I think learning Tor, PGP, bitcoins and all the rest of the SR Experience should be rites of passage for all potential buyers here. I taught myself and there's plenty of info in the forums. I don't want to be a (slightly less) noob talking down to newer noobs but this place is fragile and an amazing service so it behooves us all that people should know what they're doing when they're here.
-
I taught myself and there's plenty of info in the forums.
Not just that, but plenty of people on the forum are willing to explain/help you figure this stuff out. It's really not as difficult as it seems even if you aren't a tech-savvy person. You just gotta put in a little effort and you'd realize it's fairly simple.
-
Dear SR buyers
PLEASE, when at the checkout filling your address for your orders take care in typing your details CORRECTLY. I have noticed recently a lot of small errors in Addresses when filling in orders, from misspelled cities, streets to some typing the ZIP/Postal code incorrectly. I have had to double-check a lot of addresses recently by searching the web to re-correct them and also contacting buyers to clarify. Please take extra care! Take a moment to make sure everything is correct before proceeding, neither party wants items going missing or taking forever in transit.
That is all :)
Yeah, I'm always really paranoid about this. On my first transaction I accidentally forgot to send my zip code, but, he messaged me back.
-
Is it worth encrypting your address with PGP? I know most vendors have their public key showing and encourage PGP use.. but I know a lot of buyers can't be arsed with setting up PGP which can be a bit tricky for some non-computer savvy people.
So what's the obvious benefits to using PGP? I mean, your address is not stored on SR anyway and presumably most vendors will delete it once the order is shipped. And since address is not e-mailed across the internet and vendors have to login to read messages via Tor it seems quite secure without PGP. Maybe I'm missing something? I guess it just provides an extra layer of security should a vendor get busted and their account seized but LE.
Notice how you only question things when you don't use GPG. When you decide to use it, those questions all go away. There is the answer. Well, speaking as a newbie, evident by my first post I can say that people who are not willing to LEARN things should not be in this business. Adaptation means being flexible and it's against natural law to refuse to adapt and still succeed, at least for the long run.
I have a degree in neuroscience psychology. I know absolutely NOTHING of computers except how to research on them. It took me one week to learn and understand completely: Tor, Proxies, Bitcoin Marketplace via IRC and GPG. I put my time in and now I have peace of mind and I don't need to ask myself questions like this that no one could really know the answer to (for individual situations) anyways.
-
I'm still learning and planning my first SR purchase to test out the waters, so forgive me if this is a dumb question.
You guys are talking about encrypting your address, but where? Are you talking about right at the checkout area?
When I have something in my shopping cart, it shows the item and below it a box that says "Please enter your name and address as it would be on a letter"--is that the one you're talking about? I understand how to use gpg for e-mails, but how would it work in that box?
Sorry, but since I haven't made a purchase yet (need to get some bitcoins first) I'm not sure if I'm missing something. Yeah, I'm a dumb newb, but I'm learning.
-
...When I have something in my shopping cart, it shows the item and below it a box that says "Please enter your name and address as it would be on a letter"--is that the one you're talking about? I understand how to use gpg for e-mails, but how would it work in that box?...
What OS and application are you using to do e-mail encryption? Different tools have different capabilities and knowing that might help us to help you.
If nothing else -- and this is hardly the best way (or even a good one) -- you might try entering the information into your e-mail program as if composing a message, encrypt it, save the draft message without sending, open the draft, highlight the entire body, copy (Ctrl-C) it, then paste (Ctrl-V) into the text box on the SR web page.
-
Crunchy, thanks for the swift reply.
OS is Ubuntu (Oneiric) and I'm using Evolution e-mail client. Evolution supports GPG just fine for sending messages, but as far as I can tell (and I've only been figuring this out/setting it up for a day or two, so I know I may be missing some tricks) you can only encrypt when you hit the send button and then only to the person to whom the key is registered.
I don't know if you're familiar with ubuntu, but there's apparently a bug in the new version and the previous way of encrypting via seahorse (GnuPG frontend) no longer has its own text editor. This may or may not be fixed before the new update in April. It works fine managing key rings, though, and apparently one can encrypt/decrypt text via command line apparently, but I haven't worked that out yet. I've tried looking at a few guides, but they are confusing. If anyone has any easy to follow instructions for using the command line, that would be great.
Thanks in advance for any help/advice/words of wisdom
-
I read my address over 10 times before I encrypt it.
-
This should be the first sticky in shipping cause its some good advice
If you are having trouble with pgp the bare minimum you could at least use a browser based encryption system like the one at:
https://www.igolder.com/PGP/encryption/
You enter the vendors key in the first box, then your address (triple checked for accuracy) in the second box. One click and you have an encrypted address to copy and paste into the checkout box.
Good luck, stay safe,
- miR
-
That's fantastic. Thanks, microRNA.
-
While that iGolder website is interesting, I would not use a browser-based PGP encryption method (especially the decryption tool which wants you to paste in a private key).
As for Windows users and GPG4Win with GPA, I wrote this:
http://dkn255hz262ypmii.onion/index.php?topic=9441.msg86924#msg86924
-
I never really thought about how it could be sketch to provide a private key, I just thought it would be helpful to at least encrypt your address if you cant get pgp working on your system for some reason.
So you, and anyone else, think it would be safer to leave your address unencrypted rather than use a browser based site?
-
Your private key is called that for a reason. It's supposed to be completely private.
-
You guys are talking about encrypting your address, but where? Are you talking about right at the checkout area?
When I have something in my shopping cart, it shows the item and below it a box that says "Please enter your name and address as it would be on a letter"--is that the one you're talking about? I understand how to use gpg for e-mails, but how would it work in that box?
Open up your favorite text editor, write the message you want to send to the seller, encrypt the text, then copy and paste the output (usually ends up as an .asc file on your computer) into the text box on SR.
-
57 you must be in college. A private key is not required to encrypt an address though.